Microsoft announced today the release of the October 2024 updates, addressing 118 security vulnerabilities. Among these, five are zero-day vulnerabilities, two of which are being actively exploited, and three are classified as critical, all of them remote code execution flaws.
This count does not include three vulnerabilities in Microsoft Edge, which were fixed on October 3.
We strongly recommend that users install the update on their Windows systems as soon as possible to protect their devices from the newly disclosed vulnerabilities. The October 2024 release addresses 118 vulnerabilities, including five zero-days, two of which are being actively exploited. These updates are crucial because they patch flaws that could allow an attacker to execute malicious code or access sensitive information; applying them immediately is essential to strengthening digital security and reducing the risk of a cyberattack.
Zero-day vulnerabilities are security flaws that attackers discover and exploit before the vendor has a fix or update available. The name refers to the vendor having had zero days to address the flaw before it became known or exploited. Such vulnerabilities are particularly dangerous because exploitation can occur without the knowledge of users or the affected company, leading to execution of malicious code or theft of sensitive data before security teams can release a patch.
This update addresses five zero-day vulnerabilities, two of which Microsoft confirms are being actively exploited by attackers. The two exploited flaws are:
CVE-2024-43573
An MSHTML spoofing vulnerability in Windows. Specific details are limited, but Microsoft clarified that this vulnerability is tied to the MSHTML platform, used by older versions of Internet Explorer and Microsoft Edge, components of which still ship in Windows. Microsoft stated, “Despite Internet Explorer 11 being deprecated on some systems and the old Microsoft Edge retired, the MSHTML, EdgeHTML, and JavaScript platforms continue to receive support.” This vulnerability may be similar to a past issue in which MSHTML was abused to spoof the file extension shown in the alert displayed when opening a file. Last month, a similar MSHTML spoofing vulnerability was reported, involving Braille characters in file names used to disguise PDF files.
CVE-2024-43572
A remote code execution vulnerability in the Microsoft Management Console (MMC) that can be triggered through maliciously crafted saved console (MSC) files. Microsoft’s fix blocks untrusted MSC files from being opened, protecting users from this vulnerability. The exploitation details are undisclosed; Microsoft credits “Andres and Shadi” with reporting the flaw.
The remaining three zero-days were publicly disclosed but are not known to be exploited:
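The article says Microsoft’s fix blocks untrusted MSC files. A defender rolling that patch out will usually also want to know which console files on a machine actually came from outside the organisation. The script below is an added example, not from the article or from Microsoft; it assumes that “untrusted” corresponds to files carrying a Mark-of-the-Web (the NTFS Zone.Identifier alternate data stream with ZoneId 3 or 4), which is how Windows tags downloaded content, and it uses only standard PowerShell cmdlets.

```powershell
# Added example (not from the article or Microsoft): list .msc saved-console files
# under a directory tree that carry a Mark-of-the-Web with ZoneId 3 (Internet) or
# 4 (Restricted). Assumption: downloaded files arrive with the Zone.Identifier
# stream, which is the usual signal for "untrusted" content on Windows.
param(
    [string]$Root = "$env:USERPROFILE\Downloads"
)

function Get-MotwMscFiles {
    param([string]$Path)

    Get-ChildItem -Path $Path -File -Recurse -ErrorAction SilentlyContinue |
        Where-Object { $_.Extension -eq '.msc' } |
        ForEach-Object {
            $file = $_
            # Zone.Identifier is an alternate data stream; reading it fails when absent.
            $zone = Get-Content -LiteralPath $file.FullName -Stream Zone.Identifier -ErrorAction SilentlyContinue
            if (-not $zone) { return }

            $zoneId = $null
            $source = @()
            foreach ($line in $zone) {
                if ($line -match '^ZoneId=(\d+)')            { $zoneId = $Matches[1] }
                if ($line -match '^(HostUrl|ReferrerUrl)=')  { $source += $line }
            }

            [pscustomobject]@{
                Path     = $file.FullName
                ZoneId   = $zoneId
                Source   = ($source -join '; ')
                Modified = $file.LastWriteTime
            }
        } |
        Where-Object { $_.ZoneId -in @('3', '4') }
}

Get-MotwMscFiles -Path $Root |
    Sort-Object Modified -Descending |
    Format-Table -AutoSize
```

Save it as a .ps1 and run it with -Root pointing at a download or share location; the Source column (HostUrl/ReferrerUrl, when the downloading application recorded them) tells you where each flagged console file came from, which is the first question an incident responder asks after this kind of advisory.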
CVE-2024-6197
A remote code execution vulnerability in the open-source curl library (libcurl), triggered when connecting to a malicious server that presents a specially crafted TLS certificate. Microsoft fixed the issue by updating the copy of libcurl bundled with Windows. The flaw was found by security researcher “z2_” and is detailed in a HackerOne report.
CVE-2024-20659
A security feature bypass vulnerability in Windows Hyper-V that could allow a UEFI bypass, compromising the hypervisor and secure kernel. Microsoft stated, “On some devices, it may be possible to bypass UEFI, exposing the hypervisor and secure kernel to risk.” Exploiting the flaw requires physical access to the device and a reboot. It was discovered by Francisco Falcon and Ivan Arce of Quarkslab; public details are limited.
CVE-2024-43583
A privilege escalation vulnerability in Winlogon that allows an attacker to gain SYSTEM-level privileges on Windows. As a mitigation, administrators are advised to enable Microsoft’s first-party input method editor (IME) on their devices. Microsoft noted, “This step can help protect your device from potential vulnerabilities related to third-party IMEs during the login process.” The vulnerability was identified by researchers wh1tc and Zhenxiang Bing from pwnull.
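Before relying on the first-party-IME mitigation above, an administrator needs to know which IMEs are actually registered on a machine. The script below is an added example, not from the article, Microsoft or pwnull; it enumerates the Text Services Framework text input processors (TIPs, which is how IMEs are registered) under HKLM\SOFTWARE\Microsoft\CTF\TIP, resolves each one’s COM server DLL, and flags those whose DLL lives outside %SystemRoot%. Treating “DLL outside the Windows directory” as “third-party” is an assumption used here as a review heuristic, not a definition Microsoft gives.

```powershell
# Added example (not from the article or Microsoft): inventory the TSF text input
# processors (TIPs, including IMEs) registered on this machine and flag those whose
# COM server DLL is outside %SystemRoot%. Assumption: first-party IMEs ship under the
# Windows directory, so anything else deserves review before you rely on the
# first-party-IME mitigation.
$TipRoot = 'HKLM:\SOFTWARE\Microsoft\CTF\TIP'
$WinDir  = $env:SystemRoot

function Get-TipInventory {
    Get-ChildItem -Path $TipRoot -ErrorAction SilentlyContinue | ForEach-Object {
        $clsid = $_.PSChildName

        # The TIP's in-process COM server (HKCR\CLSID\{clsid}\InprocServer32) names the DLL.
        $server = Get-ItemProperty -Path "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid\InprocServer32" -ErrorAction SilentlyContinue
        $dll = $null
        if ($server -and $server.'(default)') {
            $dll = [System.Environment]::ExpandEnvironmentVariables($server.'(default)')
        }

        # Each TIP registers one profile per language under LanguageProfile\0x<langid>\{guid};
        # the profile's Description is the human-readable IME name.
        $descriptions = Get-ChildItem -Path "$($_.PSPath)\LanguageProfile" -Recurse -ErrorAction SilentlyContinue |
            Where-Object { $_.PSChildName -like '{*}' } |
            ForEach-Object { (Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue).Description } |
            Where-Object { $_ } |
            Select-Object -Unique

        $thirdParty = $false
        if ($dll) {
            $thirdParty = -not $dll.StartsWith($WinDir, [System.StringComparison]::OrdinalIgnoreCase)
        }

        [pscustomobject]@{
            Clsid       = $clsid
            Description = ($descriptions -join '; ')
            Dll         = $dll
            ThirdParty  = $thirdParty
        }
    }
}

Get-TipInventory | Sort-Object ThirdParty -Descending | Format-Table -AutoSize
```

Reading HKLM and HKCR does not require elevation, so this can run under a normal account or be pushed through your endpoint management tooling. A TIP with ThirdParty set to True, or one whose DLL path cannot be resolved at all, is the entry to examine before deciding that the machine is covered by the first-party-IME advice.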